How to Check, Change, and Reset the MySQL Root Password (Complete Guide for Beginners)

1. How to Check the MySQL Root Password

The MySQL root password is a critical element in database management. However, especially for beginners, you may wonder, “I don’t know the password,” or “Where can I find the initial password?” In this section, we will explain specific methods to check the MySQL root password.

How to Check the Initial Password

In MySQL 5.7 and later, an initial password for the root user is automatically generated and recorded in the log file during installation. Follow the steps below to check this temporary password.

Steps

1. Open a terminal (or Command Prompt) to check the MySQL log file.
2. Run the following command:

sudo grep 'temporary password' /var/log/mysqld.log

3. The output will include something like the following:

[Note] A temporary password is generated for root@localhost: EaGapdplN0*m

4. In this case, EaGapdplN0*m is the initial password for the root user.

Important Notes

• The temporary password can only be used once. After logging in, you must change it immediately.
• If the log file cannot be found or you encounter a permission error, run the command with administrative privileges.

How to Check the Current Password

For security reasons, MySQL does not provide a command or method to directly view an existing root password. If you do not know the current password, refer to the section “What to Do If You Forgot the Root Password” and consider resetting it.

2. How to Change the MySQL Root Password

Regularly changing the MySQL root password is important for maintaining security. In this section, we will explain in detail how to change the password using the current root credentials.

Basic Steps to Change the Password

Follow these steps to log in to MySQL and set a new password.

Steps

1. Open a terminal or Command Prompt and enter the following command to log in to MySQL:

mysql -u root -p

• -u root specifies that the username is root.
• -p prompts you to enter the password during login.

1. Run the following SQL command to change the password:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewStrongPassword';

3. Reload the privilege information by running:

FLUSH PRIVILEGES;

4. After successfully executing the commands, log out of MySQL:

exit

Important Notes

• Use a Strong Password
• We recommend that your new password includes the following elements:
  • Uppercase and lowercase letters
  • Numbers
  • Symbols (e.g., @, #, $, !)
  • At least 12 characters in length
  Example: MyS3cure!2025
• Be Aware of Active Sessions
• If you change the password during a MySQL session, you may need to reconnect.
• Check User Privileges
• Make sure the root user has appropriate privileges. If you cannot change the password, contact your system administrator.

Common Issues When Changing the Password

Unable to Log In After Changing the Password

• Cause: You may not have executed the FLUSH PRIVILEGES command.
• Solution: Log in again and run FLUSH PRIVILEGES;.

The New Password Does Not Meet Security Policy Requirements

• Cause: MySQL may have a strict password policy enabled.
• Solution: Set a stronger password or adjust the policy settings if necessary.

3. What to Do If You Forgot the Root Password

If you forget the MySQL root password, you will not be able to access the database using normal login methods. However, by temporarily disabling MySQL’s authentication system, you can reset the password. In this section, we explain the detailed steps.

Steps to Reset the Root Password

1. Stop the MySQL Service

First, stop the MySQL service to temporarily shut down the database. Use the following command:

sudo systemctl stop mysqld

• If the command executes successfully, the MySQL service will stop.

2. Start MySQL with Authentication Disabled

Start MySQL with the --skip-grant-tables option to disable authentication.

sudo mysqld_safe --skip-grant-tables &

• This command starts MySQL without enforcing authentication.
• Important: Since security is significantly reduced in this mode, ensure no other users can access the system while performing this operation.

3. Reset the Root Password

Log in to MySQL while authentication is disabled and reset the password.

1. Log in to MySQL:

mysql -u root

2. Set a new root password with the following command:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewStrongPassword';

3. Reload the privilege information:

FLUSH PRIVILEGES;

4. After completing the work, log out of MySQL:

exit

4. Restart the MySQL Service

Restart the MySQL service to re-enable normal authentication:

sudo systemctl restart mysqld

After restarting, log in to MySQL using the newly set password.

Important Notes

• Maintain Security
• While using the --skip-grant-tables option, MySQL is completely unprotected. Perform this task quickly and avoid unnecessary risks.
• Impact on Other Users
• This method is intended for the root account. Ensure that other users are not affected.

Troubleshooting

mysqld_safe Command Not Found

• Cause: On some Linux distributions, mysqld_safe may not be installed.
• Solution: Start MySQL directly using:

sudo mysqld --skip-grant-tables &

Still Unable to Log In After Resetting the Password

• Cause: MySQL may not have reloaded the updated privilege information.
• Solution: Log in again and run FLUSH PRIVILEGES;.

4. Best Practices to Strengthen MySQL Security

Properly managing the MySQL root password is important, but it is not enough on its own. To operate a database securely, additional security measures should be implemented. This section introduces practical ways to enhance MySQL security.

Set a Strong Password

Database security heavily depends on password strength. Follow these guidelines when creating a strong password.

Password Creation Guidelines

• Length: At least 12 characters
• Character Types: A combination of uppercase letters, lowercase letters, numbers, and symbols
• Example: 2#SecureMySQL_2025!

Apply Security Policies

MySQL allows you to configure password validation policies. Use the following command to check the current policy:

SHOW VARIABLES LIKE 'validate_password%';

If necessary, modify the policy as follows:

SET GLOBAL validate_password_policy = 'MEDIUM';
SET GLOBAL validate_password_length = 12;

Remove Unnecessary Accounts and Data

Check and Delete Unnecessary Accounts

During installation, MySQL may create default test accounts or anonymous users. These can pose security risks and should be removed if not needed.

1. Check the current user list:

SELECT user, host FROM mysql.user;

2. Delete unnecessary users:

DROP USER 'username'@'hostname';

Delete the Test Database

Remove the test database created during installation:

DROP DATABASE test;

Restrict Root Account Access

Limiting access to the root account enhances security.

Restrict to Local Access Only

By default, the root account may allow remote connections. Restrict it to local access only:

UPDATE mysql.user SET host = 'localhost' WHERE user = 'root';
FLUSH PRIVILEGES;

Create a Separate Administrative Account

Instead of using the root account directly, it is recommended to create a dedicated administrative account for specific tasks.

CREATE USER 'admin'@'localhost' IDENTIFIED BY 'StrongAdminPassword';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

Apply the Principle of Least Privilege

Improve security by granting each user only the minimum privileges necessary.

Check Existing Privileges

SHOW GRANTS FOR 'username'@'hostname';

Revoke Unnecessary Privileges

REVOKE ALL PRIVILEGES ON database_name.* FROM 'username'@'hostname';

Automate MySQL Security Configuration

MySQL provides the mysql_secure_installation command to simplify security configuration. Running this command allows you to:

• Remove test accounts and databases
• Disable remote root login
• Apply security policies

Execution Command

sudo mysql_secure_installation

Perform Regular Backups

As part of strengthening security, regular database backups are highly recommended. This ensures you can restore data in case of unexpected issues.

Backup Examples

1. Back up all databases:

mysqldump -u root -p --all-databases > backup.sql

2. Back up a specific database:

mysqldump -u root -p database_name > database_name_backup.sql

5. Frequently Asked Questions (FAQ)

Below are frequently asked questions and answers regarding MySQL root password management and security configuration. Use this section for troubleshooting and resolving additional concerns.

Q1. I cannot find the initial MySQL password in the log. What should I do?

A1:
In MySQL 5.7 and later, the initial password is recorded in the log file (typically /var/log/mysqld.log). However, if the log file cannot be found or has been deleted, try the following:

1. Reinstalling MySQL will generate a new temporary password.
2. If you still cannot log in, refer to “What to Do If You Forgot the Root Password” and reset the password.

Q2. Can users other than root change their passwords using the same procedure?

A2:
Yes, users other than root can change their passwords using the same method. However, administrative privileges for that user are required. Use the following command:

ALTER USER 'username'@'hostname' IDENTIFIED BY 'NewStrongPassword';

Q3. The mysqld_safe command is not found. What should I do?

A3:
On some Linux distributions, mysqld_safe may not be installed. In this case, you can start MySQL with the --skip-grant-tables option using the mysqld command:

sudo mysqld --skip-grant-tables &

However, since this disables authentication, the same security precautions apply.

Q4. I changed the password but still cannot log in. Why?

A4:
Possible causes include the following:

1. Privilege information was not updated:
   After changing the password, run the following command to refresh privileges:

FLUSH PRIVILEGES;

2. Typing error:
   Ensure that uppercase letters, lowercase letters, and special characters in the new password are entered correctly.
3. Password policy restrictions:
   MySQL may reject weak passwords based on its security policy. Check the policy settings and use a stronger password.

Q5. Is there a way to strengthen MySQL security all at once?

A5:
To efficiently configure MySQL security settings, it is recommended to use the mysql_secure_installation command. This command automatically performs the following:

• Removes test users and databases
• Disables remote root login
• Applies a strong password policy

Run the command as follows:

sudo mysql_secure_installation

Q6. Does password management differ depending on the MySQL version?

A6:
Yes, the method of managing the root password may differ depending on the MySQL version. The main differences are:

• MySQL 5.7 and later:
  A temporary password is automatically generated and recorded in the log file.
• MySQL 5.6 and earlier:
  The initial password may be empty (no password set).

To check your MySQL version, use the following command:

mysql --version

Q7. How can I allow remote connections for the root user?

A7:
For security reasons, remote root access is not recommended. However, if necessary, you can enable it with the following commands:

1. Allow remote access:

UPDATE mysql.user SET host = '%' WHERE user = 'root';

2. Reload privilege information:

FLUSH PRIVILEGES;

Important:
If you allow remote access, make sure to implement additional security measures such as firewall rules and IP restrictions.

Q8. Can you briefly explain the steps to reset the root password?

A8:

1. Stop the MySQL service:

sudo systemctl stop mysqld

2. Start MySQL with authentication disabled:

sudo mysqld_safe --skip-grant-tables &

3. Reset the password:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewStrongPassword';
FLUSH PRIVILEGES;

4. Restart the MySQL service:

sudo systemctl restart mysqld